/[cvs]/jonen/notes/notes_2003-02.txt

Diff of /jonen/notes/notes_2003-02.txt

Parent Directory | Revision Log | View Patch Patch

-revision 1.2 by jonen,
Sun Mar  9 15:03:18 2003 UTC
+revision 1.3 by jonen,
Sun Mar  9 16:15:01 2003 UTC
 Line 1
-   - Unix-Systems/Debian:
+   - Unix-Systems
-     o learn howto move /etc of servers to cvs !!
+     o learn howto move/maintain /etc of servers at cvs !!
-     x search if new packages available, do 'apt-get --dry-run upgrade'!
+     Debian:
-      x build small systool script 'apt-get_remote.pl' which do a cronly 'apt-get --dry-run upgrade' and send output via mail
+       x search if new packages available, do 'apt-get --dry-run upgrade'!
-      o review 'apt-get_remote.pl'
+        x build small systool script 'apt-get_remote.pl' which do a cronly 'apt-get --dry-run upgrade' and send output via mail
-        o what's about parsing some response for comand like installing some marked packages
+        o review 'apt-get_remote.pl'
+          o what's about parsing some response for comand like installing some marked packages
+     FreeBSD(stable):
+       o read more about BSD package systems (pkg, cvsup)
+         x for simple package installation/de-installation use pkg
+           x install downloaded package:
+               :# pkg_add <package>-<version>.tgz
+           x install package via remote server(only if package is available as *latest*):
+                 pkg_add -r <package>.tgz
+         x using cvsup
+           x newbies could use cvsupit (not what it really does..)
+               :# pkg_add -r cvsupit.tgz
+             - cvsupit will proberly ask you for the default values it
+               place at /etc/cvsupfile, which is used by cvsup
+             - after that it will start cvsup to update your system
+           x if /etc/cvsupfile already exists and you know what you do,
+              this command will update your system (maybe run it via cron...):
+               :# /usr/local/bin/cvsup -g -L 2 /etc/cvsupfile
+       o whats about daemon start-stop scripts (like at linux: /etc/init.d/) ?
+       x configure and compile custom kernel:
+         x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html
+         x create custom kernel conf-file
+           - cd usr/src/sys/i386/conf/
+           - copy default kenrnel GENERIC to eg MYKERNEL
+           - edit/modify MYKERNEL
+         x configure sources(really?)
+           - run /usr/sbin/config MYKERNEL
+         x build kernel
+           - cd ../../MYKERNEL
+           - make depend
+           - make
+           - make install
+       x use packet fiters (firewall):
+         x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
+         x some options at the kernel have to be enabled:
+           options IPFIREWALL                       #Compiles into the kernel the code for packet filtering.
+           options IPFIREWALL_VERBOSE    #Enables code to allow logging of packets through syslogd.
+                                                                   # Without this option, even if you specify that packets should be logged in the filter rules,
+                                                                   #  nothing will happen.
+           options IPFIREWALL_VERBOSE_LIMIT=10      #Limits the number of packets logged through syslogd on a per entry basis.
+                                                                                     # You may wish to use this option in hostile environments in which you want to log firewall activity,
+                                                                                     # but do not want to be open to a denial of service attack via syslog flooding.
+                                                                                     # When a chain entry reaches the packet limit specified, logging is turned off for that particular entry.
+                                                                                     # To resume logging, you will need to reset the associated counter using the ipfw(8) utility:
+                                                                                     #        ipfw zero 4500
+                                                                                     #    Where 4500 is the chain entry you wish to continue logging.
+           options IPFIREWALL_DEFAULT_TO_ACCEPT     #This changes the default rule action from ``deny'' to ``allow''.
+                                                                                         # This avoids the possibility of locking yourself out if you happen to boot a kernel with IPFIREWALL support but have not configured your firewall yet.
+                                                                                         # It is also very useful if you often use ipfw(8) as a filter for specific problems as they arise.
+                                                                                         # Use with care though, as this opens up the firewall and changes the way it works.
+         x firewall is enabled at /etc/rc.conf (or /etc/rc.conf.local)
+              firewall_enabled = "YES"
+              firewall_type = "<firewall_type>"
+           x <firewall_type> is either a case at /etc/rc.firewall (/etc/rc.firewall6 for ipv6)
+              or some custom file to read rules from.
+           x  Use firewall_type = "OPEN" for default policy 'OPEN' (allow all)
    - QoS (Quality of Services)
      o check it out !

 Legend:



Removed from v.1.2
 


changed lines


 
Added in v.1.3
 Legend:



Removed from v.1.2
 


changed lines


 
Added in v.1.3
-Removed from v.1.2
+Added in v.1.3

MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26